Lucene search
K

5554 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49186

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.3AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.29 views

PT-2026-49562

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description A Denial of Service DoS issue exists in the @angular/common package. The formatNumber...

8.2CVSS5.8AI score0.00161EPSS
Exploits0References5
OSV
OSV
added 2026/06/13 8:57 a.m.12 views

BIT-GITLAB-2026-10087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/12 1:13 a.m.13 views

CVE-2026-44496

A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service DoS, where the affected browser tab may...

7.5CVSS5.1AI score0.00645EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in...

7.1CVSS5.5AI score0.00103EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.45 views

MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 / 9.0.0-rc0 Multiple Vulnerabilities

The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References10
NVD
NVD
added 2026/06/11 12:16 p.m.14 views

CVE-2026-10087

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

8.7CVSS0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 10:19 a.m.11 views

EUVD-2026-36223

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a...

8.7CVSS6AI score0.00249EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.4AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48643

Name of the Vulnerable Software and Affected Versions GitLab EE versions 17.1 through 18.10.7 GitLab EE versions 18.11 through 18.11.4 GitLab EE versions 19.0 through 19.0.1 Description Improper input sanitization in the Analytics Dashboard allows an authenticated user with developer-role...

8.7CVSS5.6AI score0.00249EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.9 views

GitLab 跨站脚本漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE from 17.1 to 18.10.8, 18.11 to 18.11.5, and 19.0 to 19.0.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input in the analysis...

8.7CVSS6.1AI score0.00249EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

GitLab 17.1 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-10087)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

8.7CVSS6AI score0.00249EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.9 views

CVE-2026-47993

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/06/10 12:0 a.m.10 views

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ASUS Software Manage...

7.8CVSS6AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.10 views

CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS0.00103EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.3 views

UBUNTU-CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.3AI score0.00103EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 9:56 p.m.36 views

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:56 p.m.6 views

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.4AI score0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 9:56 p.m.37 views

CVE-2026-9741

CVE-2026-9741 affects the MongoDB client-side encryption/QueryAble Encryption workflow, specifically the $vectorSearch aggregation stage. The root cause is in query analysis processing for QE or CSFLE, where literal values for encrypted fields used in the $vectorSearch stage filter expressions ar...

7.1CVSS5.4AI score0.00103EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/09 9:56 p.m.9 views

Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.4AI score0.00103EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder